Hacker Exploits Google Gemini CLI for Botnet Operations and C2 Migration

www.news4hackers.com-hacker-exploits-google-gemini-cli-for-botnet-operations-and-c2-migration-hacker-exploits-google-gemini-cli-for-botnet-operations-and-c2-migration-1

A cybersecurity research report has uncovered that a threat actor, operating in Russian, leveraged Google’s open-source Gemini CLI tool as a hacking agent to facilitate cyber operations.

The Threat Actor’s Activities

The investigation revealed the individual utilized the AI tool to oversee a small botnet, transition command-and-control (C2) infrastructure, manage compromised systems, and execute various technical tasks related to attacks through natural language commands.

AI as a Hacking Agent

The report details that the attacker, identified as bandcampro, engaged with the Gemini CLI in over 200 AI sessions between May and June 2026. Logs analyzed by researchers indicate the AI provided technical troubleshooting assistance on at least 59 instances and offered optimizations for operational procedures conducted by the actor.

Botnet Targeting a Dental Clinic

The threat actor deployed a botnet targeting eight devices at a dental clinic, aiming to infiltrate the OpenDental database. The AI was instructed to simulate the role of an authorized penetration tester, enabling it to respond without triggering standard safety alerts.

Custom Skill File Integration

A custom skill file integrated with the AI contained detailed guidance on C2 architecture, infection methods, persistence strategies, troubleshooting protocols, and daily operational directives.

AI-Driven C2 Migration

The report highlights that the attacker relied on Gemini CLI to shift the botnet to a new C2 infrastructure. Upon receiving the instruction “Study the C2 migration,” the AI processed a migration guide and generated necessary code, server configurations, VPS deployment plans, Cloudflare Tunnel setups, and initial debugging procedures.

Successful Migration Process

The entire migration process was completed in approximately six minutes. When some infected systems initially failed to reconnect to the updated server, the AI detected conflicting traffic between the old and new C2 infrastructure. After decommissioning the previous server, all compromised machines successfully reestablished connections, restoring full functionality.

Operational Framework and Malware Details

Investigators noted the botnet was managed almost exclusively through natural language prompts. The AI was tasked with determining which systems were active, listing files on compromised machines, and creating new infection vectors. The operational framework consisted of three plain-text files totaling around 5 KB, including a Gemini jailbreak prompt, a C2 playbook, and a migration guide.

Malware Complexity and Persistence

The malware itself was described as minimally complex, employing an in-memory Python HTTP server and PowerShell agents. Persistence mechanisms included Scheduled Tasks and WMI. The attacker also used the AI to generate potential password combinations for WordPress accounts and analyze 1Password data breaches for exploitable credentials.

AI Limitations and Expert Warning

However, the AI declined a request to develop a self-propagating agent, prompting the threat actor to redirect efforts toward alternative activities. A cybersecurity expert emphasized that generative AI tools, when misused, can significantly amplify the efficiency and capabilities of cybercriminals.

Call for Stricter Security Measures

The incident underscores the need for developers of AI-driven automation systems to implement stricter security measures, continuous monitoring, and robust safeguards to detect and mitigate such threats.

“Generative AI tools, when misused, can significantly amplify the efficiency and capabilities of cybercriminals,” said a cybersecurity expert.



About Author

en_USEnglish